• << Back to Articles for Collectors

Websites Use "Cookies" to Monitor Online Users

I've been learning about cookies lately and I'd like to share my findings with you. I'm not talking about the kind that you buy at the store or bake with the kids. I'm talking about the kind that hundreds of thousands of websites can attach to your computer's hard drive without you ever knowing it.

According to the former Junkbusters.com, "a cookie is a unique identifier that a web server places on your computer-- a serial number for you personally that can be used to retrieve your records from their databases. It's usually a string of random-looking letters long enough to be unique." Once a cookie is attached or 'set' in your computer, it tracks your movement around the website that sets it and provides this information back to the site's owners.

The main benefit of cookies is that they help you to navigate websites, particularly those where you purchase goods or services and have to fill out forms with your name, address, and payment information. Cookies remember this personal information so that you don't have to fill out the same form over and over again every time you make a new purchase. Unfortunately, other cookies help the websites that set them far more than they help you.

They provide personal information that you may not want other people to know. Depending on the nature of a cookie, it can identify the type of computer you're working on, the software you're using, and in some cases, may even be able to get your email address. Depending on a site's privacy policy (which you should always read), this data may or may not be made available for sale to outside advertisers, marketing firms, junk emailers, and more. Many cookies remain in your computer for years or even decades.

In the worst cases, cookies are set by sites you've never heard of while you're navigating your favorite sites. These often come from marketing firms like DoubleClick , Exoclick , or AdForce that sell advertising, analyze website effectiveness, help increase clients' online revenues, and place or monitor banner ads. This kind of cookie is capable of tracking your movement from one website to another, accumulating personal data, and sometimes making it available for sale to third parties.

The amazing thing about the more intrusive cookies is that nobody would tolerate this sort of behavior in real life. Imagine, for example, being stopped at the entrance to your local grocery store or gas station and asked to show identification in order to get in. While you're there, imagine being observed by a security guard who takes notes on what you're doing or being recorded by a hidden camera as you walk around. Information gathering cookies are not nearly so obvious, but this is essentially what they do once they get inside your computer.

Fortunately, you can fight back against these invasions of privacy. Websites like Aboutcookies.org contain virtually everything you need to know about who's watching you, what they're doing, how you can find out who they are, and how to control the cookie-setters in order to keep your personal information personal. They post a page about how to delete cookies here, and one about how to control cookies here.

For example, I have my computer set to notify me whenever any website tries to set a cookie in my machine. I have the option of either accepting or declining it. I make this decision in much the same way as I do in real life. If I'm asking for help, making a purchase, or requesting information or services, I usually accept the cookie. If I'd rather look around first, make my decisions later, or find that the site has nothing to offer, I usually decline the cookie. This turns the tables on the cookie-setters. You find out who they are before they find out who you are. You watch them as they follow you around and tell them to leave you alone whenever they get too nosy.

If you decide to monitor cookies, you'll quickly discover a small but significant percentage of cookie-happy websites. Most sites let you in with few or no requests for cookies. Some, however, attempt to set cookies dozens of times. You'll have to decline their requests over and over again in order to get in. Why they think I'll say yes on the 142nd time after I've already said no 141 times is one of the great mysteries of life. Maybe they think they can wear me down. WRONG!! I just leave.

Other sites try to set cookies from a variety of outside sites in addition to their own. I make a point of visiting these off campus cookie-setters, declining their requests to set cookies, and taking a look around their websites. You learn a lot about how online business is conducted and how personal data is collected and monitored this way.

A small minority of sites won't even let you into certain areas unless you accept their cookies. Office supply giant, Staples.com , is one such example. Online art gallery, NextMonet.com , used to insist on cookies. In their current incarnation, they require that JavaScript, a less obvious intrusion but similar in data gathering potential to cookies, be enabled in order to fully navigate their site. Like cookies, JavaScript can be enabled or disabled at any time (refer to Aboutcookies.org for further information).

Making these types of demands in order to fully navigate a website is truly idiotic because it turns away potential business. Don't these companies realize that I'll just shop for art on Artnet.com (they ask to set a cookie once and let me in whether or not I accept it) or shop for office supplies at OfficeDepot.com (they ask to set a cookie twice and let me in whether or not I accept it). I have found no site on the internet that is so essential and so compelling that I'll allow them to strip search me at the homepage in order to get in and I don't believe I ever will.

Fielding all these cookie requests or repeatedly having to fill out the same order forms can be irritating at times, but the upside is that you learn who wants to watch you, protect yourself against snoops, and control who finds out what. I avoid every single cookie-happy or ultimatum-making website that I come across and you should too. If enough of us stop visiting them and, in addition, spread the word about how intrusive they are, I'll wager that we'll see a lot less of this rude online behavior in the future. NextMonet.com is a perfect example-- they used to be blatant; now they're a little more sneaky. Maybe someday they'll be just plain friendly.

On the flip side, I regularly visit, recommend, and do business with sites that let me see I whatever want without harassing me. Four outstanding examples that let you in free and clear are AntiqueWeek.com and The Antiquarian Booksellers' Association of America . Yahoo asks to set one cookie and eBay asks to set anywhere from two to about eight, depending on where you go on the site, and you don't have to accept them unless you want to buy or sell.

Two other situations where you should think twice before giving out personal information:

* Junk emails that ask you to reply in order not to receive any future mailings. NEVER reply to junk emails; NEVER reply to "unsubscribe" options. Replying is the only way the senders get your email address. They also learn that you read their garbage and reply to it than delete it without ever looking.

* Companies that ask you to either call or email in order to get additional information not provided on their websites. You can bet you'll be placed on mailing lists with marketing firms if you do, so think twice about how badly you need what they won't give you unless you give away personal information first.